Content Security is a feature that helps prevent cross-site scripting (XSS) attacks by enforcing a strict Content Security Policy on the content embedded in your HTML templates. The browser enforces the policy: scripts, IFrames, and other content from sources the policy does not allow are blocked from executing or loading in the context of your template.


When Content Security Policy (CSP) is enabled, it restricts the loading of all external content in your templates by default. Therefore, if you use any external content and CSP is enabled, you must add a corresponding policy that allows it.

Enabling and Configuring Content Security Policy:

  1. Navigate to the Settings tab and access the Content Security Policy Configuration page.
  2. Choose whether to enable or disable the Content Security Policy using the radio button.
  3. If enabled, configure the policy by selecting a hostname expression, which can be your own domain or a third-party domain.
  4. Allow or disallow specific policies for the selected domain using the checkboxes. For example, you can allow the use of inline scripts or block the use of external stylesheets.
  5. Apply the policy by clicking the Add button.

Example -

https://youtu.be/WhZe0a7iGIs
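As an added illustration (not the platform's own code), the following JavaScript builds the kind of CSP header that the per-domain settings from the steps above express, then checks which resources that header allows; it also goes slightly beyond the steps by handling `*.domain` wildcard host expressions. The page origin, hostnames and settings are constructed for the example.

```javascript
// Added example (not the platform's own code): build a Content-Security-Policy
// header from per-domain settings like those configured above, then check what
// it allows. SELF_ORIGIN, hostnames and settings are constructed assumptions.

const SELF_ORIGIN = "https://app.example"; // assumed origin of the template page

function buildCsp(rules) {
  // Each rule mirrors one configured domain:
  // { host, scripts, inlineScripts, styles, frames } (booleans as on the checkboxes)
  const dir = { "script-src": ["'self'"], "style-src": ["'self'"], "frame-src": ["'self'"] };
  for (const r of rules) {
    if (r.scripts) dir["script-src"].push(r.host);
    if (r.styles) dir["style-src"].push(r.host);
    if (r.frames) dir["frame-src"].push(r.host);
    // 'unsafe-inline' weakens XSS protection for the whole directive; add it once at most
    if (r.inlineScripts && !dir["script-src"].includes("'unsafe-inline'")) {
      dir["script-src"].push("'unsafe-inline'");
    }
  }
  return "default-src 'self'; " +
    Object.entries(dir).map(([name, srcs]) => `${name} ${srcs.join(" ")}`).join("; ");
}

function parseCsp(header) {
  // Split "directive source source; directive ..." into { directive: [sources] }
  const out = {};
  for (const part of header.split(";")) {
    const [name, ...srcs] = part.trim().split(/\s+/);
    if (name) out[name] = srcs;
  }
  return out;
}

// Simplified host-source matching: exact host, or a "*.domain" wildcard suffix
// (as in CSP, "*.domain" does not match "domain" itself).
function hostMatches(source, url) {
  const host = new URL(url).host;
  const src = source.replace(/^https?:\/\//, "");
  return src.startsWith("*.") ? host.endsWith(src.slice(1)) : host === src;
}

// Would a resource governed by `directive` and fetched from `url` be allowed?
// Directives not listed fall back to default-src; "inline" asks about inline code.
function isAllowed(header, directive, url) {
  const policy = parseCsp(header);
  const sources = policy[directive] || policy["default-src"] || [];
  if (url === "inline") return sources.includes("'unsafe-inline'");
  return sources.some(s => (s === "'self'" ? new URL(url).origin === SELF_ORIGIN : hostMatches(s, url)));
}
```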

Managing Existing Policies:

  1. To manage existing policies, refer to the configured policy list.
  2. Update or delete existing policies as needed.

After the above steps, your Content Security Policy will be configured for the selected domain. You can repeat this process for any other domains that your app interacts with.

It's important to note that configuring Content Security Policy can be a complex process and requires a good understanding of web security principles. Always ensure that your policies are appropriate for your app and regularly test your app for security vulnerabilities.

To learn more about CSP, follow this link - Content-Security-Policy Header ⟶ CSP Reference & Examples
